LJ,
"Security by obscurity". It never took off. I suspect one can enumerate
through a list of fields to see which ones exist by making calls to a
Mid Tier servlet and examining the response, but regardless, Mid Tier /
AR System will be stopping any harm coming of such calls.
(Equally, you can make as many calls to the LoginServlet as you wish but
unless you've got a valid username/password, it's not going to let you
in. We all know a login process exists, but we're not trying to hide it.)
I wouldn't suggest a single form, as you've got views, so ideally
there's one HTML and one JS per form/view combination, cached on disc at
the Mid Tier level.
But as I pointed out, some server side pre-processing can add obscurity
if desired. Doug makes a good point and it can easily be addressed.
John
_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"